前言
GitLab 是一个 DevOps 生命周期管理软件(栈)
GitLab is the first single application for all stages of the DevOps lifecycle. Only GitLab enables Concurrent DevOps, unlocking organizations from the constraints of the toolchain. GitLab provides unmatched visibility, higher levels of efficiency, and comprehensive governance. This makes the software lifecycle 3 times faster, radically improving the speed of business
要快速构建一个 git 管理平台,GitLab 提供了强大的支持
使用 GitLab 可以完成 CI/CD 的完整开发流
这里演示一下如何构建 GitLab
Tip: 当前的版本为 GitLab 10.8
运行环境
代码语言:javascript复制[vagrant@h170-gitlab ~]$ hostnamectl
Static hostname: h170-gitlab
Icon name: computer-vm
Chassis: vm
Machine ID: 05c0339b5a9146f9a42a2ed0132240b7
Boot ID: 71e45dd82f1f400bb042c48e87abdd8f
Virtualization: kvm
Operating System: CentOS Linux 7 (Core)
CPE OS Name: cpe:/o:centos:centos:7
Kernel: Linux 3.10.0-862.2.3.el7.x86_64
Architecture: x86-64
[vagrant@h170-gitlab ~]$ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 08:00:27:6f:f7:15 brd ff:ff:ff:ff:ff:ff
inet 10.0.2.15/24 brd 10.0.2.255 scope global noprefixroute dynamic enp0s3
valid_lft 85332sec preferred_lft 85332sec
inet6 fe80::a00:27ff:fe6f:f715/64 scope link noprefixroute
valid_lft forever preferred_lft forever
3: enp0s8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 08:00:27:14:30:6f brd ff:ff:ff:ff:ff:ff
inet 192.168.56.170/24 brd 192.168.56.255 scope global noprefixroute enp0s8
valid_lft forever preferred_lft forever
inet6 fe80::a00:27ff:fe14:306f/64 scope link
valid_lft forever preferred_lft forever
[vagrant@h170-gitlab ~]$ 环境准备
参考 GitLab Installation 进行软件的环境准备
代码语言:javascript复制[vagrant@h170-gitlab ~]$ sudo yum install -y curl policycoreutils-python openssh-server
Loaded plugins: fastestmirror
Determining fastest mirrors
* base: centos-hcm.viettelidc.com.vn
* extras: centos-hcm.viettelidc.com.vn
* updates: centos-hcm.viettelidc.com.vn
base | 3.6 kB 00:00
extras | 3.4 kB 00:00
updates | 3.4 kB 00:00
(1/4): base/7/x86_64/group_gz | 166 kB 00:00
(2/4): extras/7/x86_64/primary_db | 147 kB 00:00
(3/4): updates/7/x86_64/primary_db | 2.0 MB 00:02
(4/4): base/7/x86_64/primary_db | 5.9 MB 00:11
Package curl-7.29.0-46.el7.x86_64 already installed and latest version
Package openssh-server-7.4p1-16.el7.x86_64 already installed and latest version
Resolving Dependencies
--> Running transaction check
---> Package policycoreutils-python.x86_64 0:2.5-22.el7 will be installed
--> Processing Dependency: setools-libs >= 3.3.8-2 for package: policycoreutils-python-2.5-22.el7.x86_64
--> Processing Dependency: libsemanage-python >= 2.5-9 for package: policycoreutils-python-2.5-22.el7.x86_64
--> Processing Dependency: audit-libs-python >= 2.1.3-4 for package: policycoreutils-python-2.5-22.el7.x86_64
--> Processing Dependency: python-IPy for package: policycoreutils-python-2.5-22.el7.x86_64
--> Processing Dependency: libqpol.so.1(VERS_1.4)(64bit) for package: policycoreutils-python-2.5-22.el7.x86_64
--> Processing Dependency: libqpol.so.1(VERS_1.2)(64bit) for package: policycoreutils-python-2.5-22.el7.x86_64
--> Processing Dependency: libcgroup for package: policycoreutils-python-2.5-22.el7.x86_64
--> Processing Dependency: libapol.so.4(VERS_4.0)(64bit) for package: policycoreutils-python-2.5-22.el7.x86_64
--> Processing Dependency: checkpolicy for package: policycoreutils-python-2.5-22.el7.x86_64
--> Processing Dependency: libqpol.so.1()(64bit) for package: policycoreutils-python-2.5-22.el7.x86_64
--> Processing Dependency: libapol.so.4()(64bit) for package: policycoreutils-python-2.5-22.el7.x86_64
--> Running transaction check
---> Package audit-libs-python.x86_64 0:2.8.1-3.el7 will be installed
---> Package checkpolicy.x86_64 0:2.5-6.el7 will be installed
---> Package libcgroup.x86_64 0:0.41-15.el7 will be installed
---> Package libsemanage-python.x86_64 0:2.5-11.el7 will be installed
---> Package python-IPy.noarch 0:0.75-6.el7 will be installed
---> Package setools-libs.x86_64 0:3.3.8-2.el7 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
policycoreutils-python x86_64 2.5-22.el7 base 454 k
Installing for dependencies:
audit-libs-python x86_64 2.8.1-3.el7 base 75 k
checkpolicy x86_64 2.5-6.el7 base 294 k
libcgroup x86_64 0.41-15.el7 base 65 k
libsemanage-python x86_64 2.5-11.el7 base 112 k
python-IPy noarch 0.75-6.el7 base 32 k
setools-libs x86_64 3.3.8-2.el7 base 619 k
Transaction Summary
================================================================================
Install 1 Package ( 6 Dependent packages)
Total download size: 1.6 M
Installed size: 5.3 M
Downloading packages:
(1/7): libcgroup-0.41-15.el7.x86_64.rpm | 65 kB 00:00
(2/7): python-IPy-0.75-6.el7.noarch.rpm | 32 kB 00:00
(3/7): setools-libs-3.3.8-2.el7.x86_64.rpm | 619 kB 00:00
(4/7): audit-libs-python-2.8.1-3.el7.x86_64.rpm | 75 kB 00:00
(5/7): libsemanage-python-2.5-11.el7.x86_64.rpm | 112 kB 00:00
(6/7): checkpolicy-2.5-6.el7.x86_64.rpm | 294 kB 00:00
(7/7): policycoreutils-python-2.5-22.el7.x86_64.rpm | 454 kB 00:01
--------------------------------------------------------------------------------
Total 1.2 MB/s | 1.6 MB 00:01
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : checkpolicy-2.5-6.el7.x86_64 1/7
Installing : audit-libs-python-2.8.1-3.el7.x86_64 2/7
Installing : python-IPy-0.75-6.el7.noarch 3/7
Installing : libsemanage-python-2.5-11.el7.x86_64 4/7
Installing : setools-libs-3.3.8-2.el7.x86_64 5/7
Installing : libcgroup-0.41-15.el7.x86_64 6/7
Installing : policycoreutils-python-2.5-22.el7.x86_64 7/7
Verifying : libcgroup-0.41-15.el7.x86_64 1/7
Verifying : setools-libs-3.3.8-2.el7.x86_64 2/7
Verifying : policycoreutils-python-2.5-22.el7.x86_64 3/7
Verifying : libsemanage-python-2.5-11.el7.x86_64 4/7
Verifying : python-IPy-0.75-6.el7.noarch 5/7
Verifying : audit-libs-python-2.8.1-3.el7.x86_64 6/7
Verifying : checkpolicy-2.5-6.el7.x86_64 7/7
Installed:
policycoreutils-python.x86_64 0:2.5-22.el7
Dependency Installed:
audit-libs-python.x86_64 0:2.8.1-3.el7 checkpolicy.x86_64 0:2.5-6.el7
libcgroup.x86_64 0:0.41-15.el7 libsemanage-python.x86_64 0:2.5-11.el7
python-IPy.noarch 0:0.75-6.el7 setools-libs.x86_64 0:3.3.8-2.el7
Complete!
[vagrant@h170-gitlab ~]$ sudo systemctl enable sshd
[vagrant@h170-gitlab ~]$ sudo systemctl start sshd
[vagrant@h170-gitlab ~]$ sudo yum install postfix
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: centos-hcm.viettelidc.com.vn
* extras: centos-hcm.viettelidc.com.vn
* updates: centos-hcm.viettelidc.com.vn
Package 2:postfix-2.10.1-6.el7.x86_64 already installed and latest version
Nothing to do
[vagrant@h170-gitlab ~]$ sudo systemctl enable postfix
[vagrant@h170-gitlab ~]$ sudo systemctl start postfix
[vagrant@h170-gitlab ~]$ 配置软件仓库
如果是安装 EE 就使用如下链接中的脚本
代码语言:javascript复制https://packages.gitlab.com/install/repositories/gitlab/gitlab-ee/script.rpm.sh如果是安装 CE 就使用如下链接中的脚本
代码语言:javascript复制https://packages.gitlab.com/install/repositories/gitlab/gitlab-ce/script.rpm.sh 这里我使用 CE
Tip: CE 与 EE 有什么差异可以参考 Community Edition or Enterprise Edition, 总体来讲就是 EE 包含了 CE 的特性,CE 是 MIT 的授权,EE 在 CE 的基础上额外特性部分加入了私有协议
这里我使用 CE
代码语言:javascript复制[vagrant@h170-gitlab ~]$ curl https://packages.gitlab.com/install/repositories/gitlab/gitlab-ce/script.rpm.sh | sudo bash
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 6463 0 6463 0 0 5030 0 --:--:-- 0:00:01 --:--:-- 5029
Detected operating system as centos/7.
Checking for curl...
Detected curl...
Downloading repository file: https://packages.gitlab.com/install/repositories/gitlab/gitlab-ce/config_file.repo?os=centos&dist=7&source=script
done.
Installing pygpgme to verify GPG signatures...
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: centos-hcm.viettelidc.com.vn
* extras: centos-hcm.viettelidc.com.vn
* updates: centos-hcm.viettelidc.com.vn
gitlab_gitlab-ce-source/signature | 836 B 00:00
Retrieving key from https://packages.gitlab.com/gitlab/gitlab-ce/gpgkey
Importing GPG key 0xE15E78F4:
Userid : "GitLab B.V. (package repository signing key) <packages@gitlab.com>"
Fingerprint: 1a4c 919d b987 d435 9396 38b9 1421 9a96 e15e 78f4
From : https://packages.gitlab.com/gitlab/gitlab-ce/gpgkey
Retrieving key from https://packages.gitlab.com/gitlab/gitlab-ce/gpgkey/gitlab-gitlab-ce-3D645A26AB9FBD22.pub.gpg
gitlab_gitlab-ce-source/signature | 951 B 00:01 !!!
gitlab_gitlab-ce-source/primary | 175 B 00:03
Package pygpgme-0.3-9.el7.x86_64 already installed and latest version
Nothing to do
Installing yum-utils...
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: centos-hcm.viettelidc.com.vn
* extras: centos-hcm.viettelidc.com.vn
* updates: centos-hcm.viettelidc.com.vn
Resolving Dependencies
--> Running transaction check
---> Package yum-utils.noarch 0:1.1.31-45.el7 will be installed
--> Processing Dependency: python-kitchen for package: yum-utils-1.1.31-45.el7.noarch
--> Processing Dependency: libxml2-python for package: yum-utils-1.1.31-45.el7.noarch
--> Running transaction check
---> Package libxml2-python.x86_64 0:2.9.1-6.el7_2.3 will be installed
---> Package python-kitchen.noarch 0:1.1.1-5.el7 will be installed
--> Processing Dependency: python-chardet for package: python-kitchen-1.1.1-5.el7.noarch
--> Running transaction check
---> Package python-chardet.noarch 0:2.2.1-1.el7_1 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
yum-utils noarch 1.1.31-45.el7 base 119 k
Installing for dependencies:
libxml2-python x86_64 2.9.1-6.el7_2.3 base 247 k
python-chardet noarch 2.2.1-1.el7_1 base 227 k
python-kitchen noarch 1.1.1-5.el7 base 267 k
Transaction Summary
================================================================================
Install 1 Package ( 3 Dependent packages)
Total download size: 859 k
Installed size: 4.3 M
Downloading packages:
(1/4): python-kitchen-1.1.1-5.el7.noarch.rpm | 267 kB 00:00
(2/4): yum-utils-1.1.31-45.el7.noarch.rpm | 119 kB 00:00
(3/4): python-chardet-2.2.1-1.el7_1.noarch.rpm | 227 kB 00:00
(4/4): libxml2-python-2.9.1-6.el7_2.3.x86_64.rpm | 247 kB 00:00
--------------------------------------------------------------------------------
Total 851 kB/s | 859 kB 00:01
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : python-chardet-2.2.1-1.el7_1.noarch 1/4
Installing : python-kitchen-1.1.1-5.el7.noarch 2/4
Installing : libxml2-python-2.9.1-6.el7_2.3.x86_64 3/4
Installing : yum-utils-1.1.31-45.el7.noarch 4/4
Verifying : yum-utils-1.1.31-45.el7.noarch 1/4
Verifying : libxml2-python-2.9.1-6.el7_2.3.x86_64 2/4
Verifying : python-kitchen-1.1.1-5.el7.noarch 3/4
Verifying : python-chardet-2.2.1-1.el7_1.noarch 4/4
Installed:
yum-utils.noarch 0:1.1.31-45.el7
Dependency Installed:
libxml2-python.x86_64 0:2.9.1-6.el7_2.3 python-chardet.noarch 0:2.2.1-1.el7_1
python-kitchen.noarch 0:1.1.1-5.el7
Complete!
Generating yum cache for gitlab_gitlab-ce...
Importing GPG key 0xE15E78F4:
Userid : "GitLab B.V. (package repository signing key) <packages@gitlab.com>"
Fingerprint: 1a4c 919d b987 d435 9396 38b9 1421 9a96 e15e 78f4
From : https://packages.gitlab.com/gitlab/gitlab-ce/gpgkey
The repository is setup! You can now install packages.
[vagrant@h170-gitlab ~]$ ll /etc/yum.repos.d/
total 36
-rw-r--r--. 1 root root 1664 5月 17 13:53 CentOS-Base.repo
-rw-r--r--. 1 root root 1309 5月 17 13:53 CentOS-CR.repo
-rw-r--r--. 1 root root 649 5月 17 13:53 CentOS-Debuginfo.repo
-rw-r--r--. 1 root root 314 5月 17 13:53 CentOS-fasttrack.repo
-rw-r--r--. 1 root root 630 5月 17 13:53 CentOS-Media.repo
-rw-r--r--. 1 root root 1331 5月 17 13:53 CentOS-Sources.repo
-rw-r--r--. 1 root root 4768 5月 17 13:53 CentOS-Vault.repo
-rw-r--r--. 1 root root 773 6月 2 16:21 gitlab_gitlab-ce.repo
[vagrant@h170-gitlab ~]$ cat /etc/yum.repos.d/gitlab_gitlab-ce.repo
[gitlab_gitlab-ce]
name=gitlab_gitlab-ce
baseurl=https://packages.gitlab.com/gitlab/gitlab-ce/el/7/$basearch
repo_gpgcheck=1
gpgcheck=1
enabled=1
gpgkey=https://packages.gitlab.com/gitlab/gitlab-ce/gpgkey
https://packages.gitlab.com/gitlab/gitlab-ce/gpgkey/gitlab-gitlab-ce-3D645A26AB9FBD22.pub.gpg
sslverify=1
sslcacert=/etc/pki/tls/certs/ca-bundle.crt
metadata_expire=300
[gitlab_gitlab-ce-source]
name=gitlab_gitlab-ce-source
baseurl=https://packages.gitlab.com/gitlab/gitlab-ce/el/7/SRPMS
repo_gpgcheck=1
gpgcheck=1
enabled=1
gpgkey=https://packages.gitlab.com/gitlab/gitlab-ce/gpgkey
https://packages.gitlab.com/gitlab/gitlab-ce/gpgkey/gitlab-gitlab-ce-3D645A26AB9FBD22.pub.gpg
sslverify=1
sslcacert=/etc/pki/tls/certs/ca-bundle.crt
metadata_expire=300
[vagrant@h170-gitlab ~]$ 安装 gitlb
代码语言:javascript复制[vagrant@h170-gitlab ~]$ yum install -y gitlab-ce
Loaded plugins: fastestmirror
You need to be root to perform this command.
[vagrant@h170-gitlab ~]$ sudo yum install -y gitlab-ce
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: centos-hcm.viettelidc.com.vn
* extras: centos-hcm.viettelidc.com.vn
* updates: centos-hcm.viettelidc.com.vn
Resolving Dependencies
--> Running transaction check
---> Package gitlab-ce.x86_64 0:10.8.3-ce.0.el7 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
gitlab-ce x86_64 10.8.3-ce.0.el7 gitlab_gitlab-ce 401 M
Transaction Summary
================================================================================
Install 1 Package
Total download size: 401 M
Installed size: 1.2 G
Downloading packages:
warning: /var/cache/yum/x86_64/7/gitlab_gitlab-ce/packages/gitlab-ce-10.8.3-ce.0.el7.x86_64.rpm: Header V4 RSA/SHA1 Signature, key ID f27eab47: NOKEY
Public key for gitlab-ce-10.8.3-ce.0.el7.x86_64.rpm is not installed
gitlab-ce-10.8.3-ce.0.el7.x86_64.rpm | 401 MB 04:02
Retrieving key from https://packages.gitlab.com/gitlab/gitlab-ce/gpgkey
Importing GPG key 0xE15E78F4:
Userid : "GitLab B.V. (package repository signing key) <packages@gitlab.com>"
Fingerprint: 1a4c 919d b987 d435 9396 38b9 1421 9a96 e15e 78f4
From : https://packages.gitlab.com/gitlab/gitlab-ce/gpgkey
Retrieving key from https://packages.gitlab.com/gitlab/gitlab-ce/gpgkey/gitlab-gitlab-ce-3D645A26AB9FBD22.pub.gpg
Importing GPG key 0xF27EAB47:
Userid : "GitLab, Inc. <support@gitlab.com>"
Fingerprint: dbef 8977 4ddb 9eb3 7d9f c3a0 3cfc f9ba f27e ab47
From : https://packages.gitlab.com/gitlab/gitlab-ce/gpgkey/gitlab-gitlab-ce-3D645A26AB9FBD22.pub.gpg
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : gitlab-ce-10.8.3-ce.0.el7.x86_64 1/1
It looks like GitLab has not been configured yet; skipping the upgrade script.
*. *.
*** ***
***** *****
.****** *******
******** ********
,,,,,,,,,***********,,,,,,,,,
,,,,,,,,,,,*********,,,,,,,,,,,
.,,,,,,,,,,,*******,,,,,,,,,,,,
,,,,,,,,,*****,,,,,,,,,.
,,,,,,,****,,,,,,
.,,,***,,,,
,*,.
_______ __ __ __
/ ____(_) /_/ / ____ _/ /_
/ / __/ / __/ / / __ `/ __
/ /_/ / / /_/ /___/ /_/ / /_/ /
____/_/__/_____/__,_/_.___/
Thank you for installing GitLab!
GitLab was unable to detect a valid hostname for your instance.
Please configure a URL for your GitLab instance by setting `external_url`
configuration in /etc/gitlab/gitlab.rb file.
Then, you can start your GitLab instance by running the following command:
sudo gitlab-ctl reconfigure
For a comprehensive list of configuration options please see the Omnibus GitLab readme
https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/README.md
Verifying : gitlab-ce-10.8.3-ce.0.el7.x86_64 1/1
Installed:
gitlab-ce.x86_64 0:10.8.3-ce.0.el7
Complete!
[vagrant@h170-gitlab ~]$ echo $?
0
[vagrant@h170-gitlab ~]$ Tip: 也可以参考 Manually Downloading and Installing a GitLab Package 来下载 RPM 包,然后进行手动安装,下载地址可以参考 Packages 和 Installation instructions 安装指导
配置运行
代码语言:javascript复制[vagrant@h170-gitlab ~]$ gitlab-ctl status
[vagrant@h170-gitlab ~]$ gitlab-ctl reconfigure
[2018-06-02T16:33:58 00:00] FATAL: Failed to open or create log file at /var/log/gitlab/reconfigure/1527957238.log: Errno::EACCES (Permission denied @ rb_sysopen - /var/log/gitlab/reconfigure/1527957238.log)
[2018-06-02T16:33:58 00:00] FATAL: Aborting due to invalid 'log_location' configuration
[vagrant@h170-gitlab ~]$ sudo gitlab-ctl reconfigure
Starting Chef Client, version 13.6.4
resolving cookbooks for run list: ["gitlab"]
Synchronizing Cookbooks:
- gitlab (0.0.1)
- package (0.1.0)
- postgresql (0.1.0)
- registry (0.1.0)
- mattermost (0.1.0)
- consul (0.0.0)
- gitaly (0.1.0)
- letsencrypt (0.1.0)
- nginx (0.1.0)
- runit (0.14.2)
- acme (3.1.0)
- crond (0.1.0)
- compat_resource (12.19.0)
Installing Cookbook Gems:
Compiling Cookbooks...
Recipe: gitlab::default
* directory[/etc/gitlab] action create
- change mode from '0755' to '0775'
- restore selinux security context
Converging 467 resources
* directory[/etc/gitlab] action create (up to date)
* directory[Create /var/opt/gitlab] action create
- create new directory /var/opt/gitlab
- change mode from '' to '0755'
- change owner from '' to 'root'
- change group from '' to 'root'
- restore selinux security context
* directory[/opt/gitlab/embedded/etc] action create
- create new directory /opt/gitlab/embedded/etc
- change mode from '' to '0755'
- change owner from '' to 'root'
- change group from '' to 'root'
- restore selinux security context
* template[/opt/gitlab/embedded/etc/gitconfig] action create
- create new file /opt/gitlab/embedded/etc/gitconfig
- update content in file /opt/gitlab/embedded/etc/gitconfig from none to 987af3
--- /opt/gitlab/embedded/etc/gitconfig 2018-06-02 16:34:19.011559567 0000
/opt/gitlab/embedded/etc/.chef-gitconfig20180602-5611-1n7dwro 2018-06-02 16:34:19.011559567 0000
@@ -1 1,11 @@
[pack]
threads = 1
[receive]
fsckObjects = true
advertisePushOptions = true
[repack]
writeBitmaps = true
[transfer]
hideRefs=^refs/tmp/
hideRefs=^refs/keep-around/
- change mode from '' to '0755'
- restore selinux security context
Recipe: gitlab::web-server
* account[Webserver user and group] action create
* group[Webserver user and group] action create
- create group gitlab-www
* linux_user[Webserver user and group] action create
- create user gitlab-www
Recipe: gitlab::users
* directory[/var/opt/gitlab] action create (up to date)
* account[GitLab user and group] action create
* group[GitLab user and group] action create
- create group git
* linux_user[GitLab user and group] action create
- create user git
* template[/var/opt/gitlab/.gitconfig] action create
- create new file /var/opt/gitlab/.gitconfig
- update content in file /var/opt/gitlab/.gitconfig from none to b924e8
--- /var/opt/gitlab/.gitconfig 2018-06-02 16:34:19.269559514 0000
/var/opt/gitlab/.chef-.gitconfig20180602-5611-1r5btg4.gitconfig 2018-06-02 16:34:19.269559514 0000
@@ -1 1,12 @@
# This file is managed by gitlab-ctl. Manual changes will be
# erased! To change the contents below, edit /etc/gitlab/gitlab.rb
# and run `sudo gitlab-ctl reconfigure`.
[user]
name = GitLab
email = gitlab@gitlab.example.com
[core]
autocrlf = input
[gc]
auto = 0
- change mode from '' to '0644'
- change owner from '' to 'git'
- change group from '' to 'git'
- restore selinux security context
Recipe: gitlab::gitlab-shell
* storage_directory[/var/opt/gitlab/.ssh] action create
* ruby_block[directory resource: /var/opt/gitlab/.ssh] action run
- execute the ruby block directory resource: /var/opt/gitlab/.ssh
* directory[/var/log/gitlab/gitlab-shell/] action create
- create new directory /var/log/gitlab/gitlab-shell/
- change mode from '' to '0700'
- change owner from '' to 'git'
- restore selinux security context
* directory[/var/opt/gitlab/gitlab-shell] action create
- create new directory /var/opt/gitlab/gitlab-shell
- change mode from '' to '0700'
- change owner from '' to 'git'
- restore selinux security context
* templatesymlink[Create a config.yml and create a symlink to Rails root] action create
* template[/var/opt/gitlab/gitlab-shell/config.yml] action create
- create new file /var/opt/gitlab/gitlab-shell/config.yml
- update content in file /var/opt/gitlab/gitlab-shell/config.yml from none to d824f9
--- /var/opt/gitlab/gitlab-shell/config.yml 2018-06-02 16:34:19.910559392 0000
/var/opt/gitlab/gitlab-shell/.chef-config20180602-5611-1ty6b3h.yml 2018-06-02 16:34:19.910559392 0000
@@ -1 1,44 @@
# This file is managed by gitlab-ctl. Manual changes will be
# erased! To change the contents below, edit /etc/gitlab/gitlab.rb
# and run `sudo gitlab-ctl reconfigure`.
# GitLab user. git by default
user: git
# Url to gitlab instance. Used for api calls. Should end with a slash.
gitlab_url: "http://127.0.0.1:8080"
http_settings:
# user: someone
# password: somepass
# ca_file: /etc/ssl/cert.pem
# ca_path: /etc/pki/tls/certs
# self_signed_cert: false
# File used as authorized_keys for gitlab user
auth_file: "/var/opt/gitlab/.ssh/authorized_keys"
# Redis settings used for pushing commit notices to gitlab
redis:
host: 127.0.0.1
port:
socket: /var/opt/gitlab/redis/redis.socket
database:
namespace: resque:gitlab
# Log file.
# Default is gitlab-shell.log in the root directory.
log_file: "/var/log/gitlab/gitlab-shell/gitlab-shell.log"
# Log level. INFO by default
log_level:
# Audit usernames.
# Set to true to see real usernames in the logs instead of key ids, which is easier to follow, but
# incurs an extra API call on every gitlab-shell command.
audit_usernames:
- restore selinux security context
* link[Link /opt/gitlab/embedded/service/gitlab-shell/config.yml to /var/opt/gitlab/gitlab-shell/config.yml] action create
- create symlink at /opt/gitlab/embedded/service/gitlab-shell/config.yml to /var/opt/gitlab/gitlab-shell/config.yml
* link[/opt/gitlab/embedded/service/gitlab-shell/.gitlab_shell_secret] action create
- create symlink at /opt/gitlab/embedded/service/gitlab-shell/.gitlab_shell_secret to /opt/gitlab/embedded/service/gitlab-rails/.gitlab_shell_secret
* execute[/opt/gitlab/embedded/service/gitlab-shell/bin/gitlab-keys check-permissions] action run
- execute /opt/gitlab/embedded/service/gitlab-shell/bin/gitlab-keys check-permissions
* bash[Set proper security context on ssh files for selinux] action run
[execute] restorecon reset /var/opt/gitlab/.ssh context unconfined_u:object_r:var_t:s0->unconfined_u:object_r:ssh_home_t:s0
restorecon reset /var/opt/gitlab/.ssh/authorized_keys context unconfined_u:object_r:var_t:s0->unconfined_u:object_r:ssh_home_t:s0
restorecon reset /var/opt/gitlab/gitlab-shell/config.yml context unconfined_u:object_r:var_t:s0->unconfined_u:object_r:ssh_home_t:s0
- execute "bash" "/tmp/chef-script20180602-5611-10nn240"
Recipe: gitlab::gitlab-rails
* storage_directory[/var/opt/gitlab/git-data] action create
* ruby_block[directory resource: /var/opt/gitlab/git-data] action run
- execute the ruby block directory resource: /var/opt/gitlab/git-data
* storage_directory[/var/opt/gitlab/git-data/repositories] action create
* ruby_block[directory resource: /var/opt/gitlab/git-data/repositories] action run
- execute the ruby block directory resource: /var/opt/gitlab/git-data/repositories
* directory[/var/log/gitlab] action create
- change owner from 'root' to 'git'
- restore selinux security context
* storage_directory[/var/opt/gitlab/gitlab-rails/shared] action create
* ruby_block[directory resource: /var/opt/gitlab/gitlab-rails/shared] action run
- execute the ruby block directory resource: /var/opt/gitlab/gitlab-rails/shared
* storage_directory[/var/opt/gitlab/gitlab-rails/shared/artifacts] action create
* ruby_block[directory resource: /var/opt/gitlab/gitlab-rails/shared/artifacts] action run
- execute the ruby block directory resource: /var/opt/gitlab/gitlab-rails/shared/artifacts
* storage_directory[/var/opt/gitlab/gitlab-rails/shared/lfs-objects] action create
* ruby_block[directory resource: /var/opt/gitlab/gitlab-rails/shared/lfs-objects] action run
- execute the ruby block directory resource: /var/opt/gitlab/gitlab-rails/shared/lfs-objects
* storage_directory[/var/opt/gitlab/gitlab-rails/uploads] action create
* ruby_block[directory resource: /var/opt/gitlab/gitlab-rails/uploads] action run
- execute the ruby block directory resource: /var/opt/gitlab/gitlab-rails/uploads
* storage_directory[/var/opt/gitlab/gitlab-ci/builds] action create
* ruby_block[directory resource: /var/opt/gitlab/gitlab-ci/builds] action run
- execute the ruby block directory resource: /var/opt/gitlab/gitlab-ci/builds
* storage_directory[/var/opt/gitlab/gitlab-rails/shared/cache] action create
* ruby_block[directory resource: /var/opt/gitlab/gitlab-rails/shared/cache] action run
- execute the ruby block directory resource: /var/opt/gitlab/gitlab-rails/shared/cache
* storage_directory[/var/opt/gitlab/gitlab-rails/shared/tmp] action create
* ruby_block[directory resource: /var/opt/gitlab/gitlab-rails/shared/tmp] action run
- execute the ruby block directory resource: /var/opt/gitlab/gitlab-rails/shared/tmp
* storage_directory[/var/opt/gitlab/gitlab-rails/shared/pages] action create
* ruby_block[directory resource: /var/opt/gitlab/gitlab-rails/shared/pages] action run
- execute the ruby block directory resource: /var/opt/gitlab/gitlab-rails/shared/pages
* directory[create /var/opt/gitlab/gitlab-rails/etc] action create
- create new directory /var/opt/gitlab/gitlab-rails/etc
- change mode from '' to '0700'
- change owner from '' to 'git'
- restore selinux security context
* directory[create /opt/gitlab/etc/gitlab-rails] action create
- create new directory /opt/gitlab/etc/gitlab-rails
- change mode from '' to '0700'
- change owner from '' to 'git'
- restore selinux security context
* directory[create /var/opt/gitlab/gitlab-rails/working] action create
- create new directory /var/opt/gitlab/gitlab-rails/working
- change mode from '' to '0700'
- change owner from '' to 'git'
- restore selinux security context
* directory[create /var/opt/gitlab/gitlab-rails/tmp] action create
- create new directory /var/opt/gitlab/gitlab-rails/tmp
- change mode from '' to '0700'
- change owner from '' to 'git'
- restore selinux security context
* directory[create /var/opt/gitlab/gitlab-rails/upgrade-status] action create
- create new directory /var/opt/gitlab/gitlab-rails/upgrade-status
- change mode from '' to '0700'
- change owner from '' to 'git'
- restore selinux security context
* directory[create /var/log/gitlab/gitlab-rails] action create
- create new directory /var/log/gitlab/gitlab-rails
- change mode from '' to '0700'
- change owner from '' to 'git'
- restore selinux security context
* storage_directory[/var/opt/gitlab/backups] action create
* ruby_block[directory resource: /var/opt/gitlab/backups] action run
- execute the ruby block directory resource: /var/opt/gitlab/backups
* directory[/var/opt/gitlab/gitlab-rails] action create
- change owner from 'root' to 'git'
- restore selinux security context
* directory[/var/opt/gitlab/gitlab-ci] action create
- change owner from 'root' to 'git'
- restore selinux security context
* file[/var/opt/gitlab/gitlab-rails/etc/gitlab-registry.key] action create (skipped due to only_if)
* template[/opt/gitlab/etc/gitlab-rails/gitlab-rails-rc] action create
- create new file /opt/gitlab/etc/gitlab-rails/gitlab-rails-rc
- update content in file /opt/gitlab/etc/gitlab-rails/gitlab-rails-rc from none to 15c7d9
--- /opt/gitlab/etc/gitlab-rails/gitlab-rails-rc 2018-06-02 16:34:35.121556280 0000
/opt/gitlab/etc/gitlab-rails/.chef-gitlab-rails-rc20180602-5611-1rwn2ba2018-06-02 16:34:35.120556280 0000
@@ -1 1,2 @@
gitlab_user='git'
- restore selinux security context
* file[/opt/gitlab/embedded/service/gitlab-rails/.secret] action delete (up to date)
* file[/var/opt/gitlab/gitlab-rails/etc/secret] action delete (up to date)
* templatesymlink[Create a database.yml and create a symlink to Rails root] action create
* template[/var/opt/gitlab/gitlab-rails/etc/database.yml] action create
- create new file /var/opt/gitlab/gitlab-rails/etc/database.yml
- update content in file /var/opt/gitlab/gitlab-rails/etc/database.yml from none to 00a743
--- /var/opt/gitlab/gitlab-rails/etc/database.yml 2018-06-02 16:34:35.158556271 0000
/var/opt/gitlab/gitlab-rails/etc/.chef-database20180602-5611-18r5wnt.yml 2018-06-02 16:34:35.158556271 0000
@@ -1 1,23 @@
# This file is managed by gitlab-ctl. Manual changes will be
# erased! To change the contents below, edit /etc/gitlab/gitlab.rb
# and run `sudo gitlab-ctl reconfigure`.
production:
adapter: postgresql
encoding: unicode
collation:
database: gitlabhq_production
pool: 10
username: "gitlab"
password:
host: "/var/opt/gitlab/postgresql"
port: 5432
socket:
sslmode:
sslrootcert:
sslca:
load_balancing: {"hosts":[]}
prepared_statements: false
statements_limit: 1000
fdw:
- change mode from '' to '0644'
- change owner from '' to 'root'
- change group from '' to 'root'
- restore selinux security context
* link[Link /opt/gitlab/embedded/service/gitlab-rails/config/database.yml to /var/opt/gitlab/gitlab-rails/etc/database.yml] action create
- create symlink at /opt/gitlab/embedded/service/gitlab-rails/config/database.yml to /var/opt/gitlab/gitlab-rails/etc/database.yml
* templatesymlink[Create a secrets.yml and create a symlink to Rails root] action create
* template[/var/opt/gitlab/gitlab-rails/etc/secrets.yml] action create
- create new file /var/opt/gitlab/gitlab-rails/etc/secrets.yml
- update content in file /var/opt/gitlab/gitlab-rails/etc/secrets.yml from none to ec7f26
- suppressed sensitive resource
- change mode from '' to '0644'
- change owner from '' to 'root'
- change group from '' to 'root'
- restore selinux security context
* link[Link /opt/gitlab/embedded/service/gitlab-rails/config/secrets.yml to /var/opt/gitlab/gitlab-rails/etc/secrets.yml] action create
- create symlink at /opt/gitlab/embedded/service/gitlab-rails/config/secrets.yml to /var/opt/gitlab/gitlab-rails/etc/secrets.yml
* templatesymlink[Create a resque.yml and create a symlink to Rails root] action create
* template[/var/opt/gitlab/gitlab-rails/etc/resque.yml] action create
- create new file /var/opt/gitlab/gitlab-rails/etc/resque.yml
- update content in file /var/opt/gitlab/gitlab-rails/etc/resque.yml from none to ec4232
--- /var/opt/gitlab/gitlab-rails/etc/resque.yml 2018-06-02 16:34:35.237556255 0000
/var/opt/gitlab/gitlab-rails/etc/.chef-resque20180602-5611-i5ac2d.yml2018-06-02 16:34:35.237556255 0000
@@ -1 1,3 @@
production:
url: unix:/var/opt/gitlab/redis/redis.socket
- change mode from '' to '0644'
- change owner from '' to 'root'
- change group from '' to 'root'
- restore selinux security context
* link[Link /opt/gitlab/embedded/service/gitlab-rails/config/resque.yml to /var/opt/gitlab/gitlab-rails/etc/resque.yml] action create
- create symlink at /opt/gitlab/embedded/service/gitlab-rails/config/resque.yml to /var/opt/gitlab/gitlab-rails/etc/resque.yml
* templatesymlink[Create a redis.cache.yml and create a symlink to Rails root] action create (skipped due to not_if)
* templatesymlink[Create a redis.queues.yml and create a symlink to Rails root] action create (skipped due to not_if)
* templatesymlink[Create a redis.shared_state.yml and create a symlink to Rails root] action create (skipped due to not_if)
* templatesymlink[Create a aws.yml and create a symlink to Rails root] action delete
* file[/var/opt/gitlab/gitlab-rails/etc/aws.yml] action delete (up to date)
* link[/opt/gitlab/embedded/service/gitlab-rails/config/aws.yml] action delete (up to date)
(up to date)
* templatesymlink[Create a smtp_settings.rb and create a symlink to Rails root] action delete
* file[/var/opt/gitlab/gitlab-rails/etc/smtp_settings.rb] action delete (up to date)
* link[/opt/gitlab/embedded/service/gitlab-rails/config/initializers/smtp_settings.rb] action delete (up to date)
(up to date)
* templatesymlink[Create a gitlab.yml and create a symlink to Rails root] action create
* template[/var/opt/gitlab/gitlab-rails/etc/gitlab.yml] action create
- create new file /var/opt/gitlab/gitlab-rails/etc/gitlab.yml
- update content in file /var/opt/gitlab/gitlab-rails/etc/gitlab.yml from none to 094b72
--- /var/opt/gitlab/gitlab-rails/etc/gitlab.yml 2018-06-02 16:34:35.339556234 0000
/var/opt/gitlab/gitlab-rails/etc/.chef-gitlab20180602-5611-71biqr.yml2018-06-02 16:34:35.339556234 0000
@@ -1 1,509 @@
# This file is managed by gitlab-ctl. Manual changes will be
# erased! To change the contents below, edit /etc/gitlab/gitlab.rb
# and run `sudo gitlab-ctl reconfigure`.
production: &base
#
# 1. GitLab app settings
# ==========================
## GitLab settings
gitlab:
## Web server settings (note: host is the FQDN, do not include http://)
host: gitlab.example.com
port: 80
https: false
# Uncommment this line below if your ssh host is different from HTTP/HTTPS one
# (you'd obviously need to replace ssh.host_example.com with your own host).
# Otherwise, ssh host will be set to the `host:` value above
ssh_host:
# WARNING: See config/application.rb under "Relative url support" for the list of
# other files that need to be changed for relative url support
relative_url_root:
# Trusted Proxies
# Customize if you have GitLab behind a reverse proxy which is running on a different machine.
# Add the IP address for your reverse proxy to the list, otherwise users will appear signed in from that address.
trusted_proxies:
# Uncomment and customize if you can't use the default user to run GitLab (default: 'git')
user: git
## Date & Time settings
time_zone:
## Email settings
# Uncomment and set to false if you need to disable email sending from GitLab (default: true)
email_enabled:
# Email address used in the "From" field in mails sent by GitLab
email_from: gitlab@gitlab.example.com
email_display_name:
email_reply_to:
email_subject_suffix:
# Email server smtp settings are in [a separate file](initializers/smtp_settings.rb.sample).
## User settings
default_can_create_group: # default: true
username_changing_enabled: # default: true - User can change her username/namespace
## Default theme
## 1 - Graphite
## 2 - Charcoal
## 3 - Green
## 4 - Gray
## 5 - Violet
## 6 - Blue
default_theme: # default: 2
## Automatic issue closing
# If a commit message matches this regular expression, all issues referenced from the matched text will be closed.
# This happens when the commit is pushed or merged into the default branch of a project.
# When not specified the default issue_closing_pattern as specified below will be used.
# Tip: you can test your closing pattern at http://rubular.com
issue_closing_pattern:
## Default project features settings
default_projects_features:
issues:
merge_requests:
wiki:
snippets:
builds:
container_registry:
## Webhook settings
# Number of seconds to wait for HTTP response after sending webhook HTTP POST request (default: 10)
webhook_timeout:
## Repository downloads directory
# When a user clicks e.g. 'Download zip' on a project, a temporary zip file is created in the following directory.
# The default is 'tmp/repositories' relative to the root of the Rails app.
repository_downloads_path:
usage_ping_enabled:
## Reply by email
# Allow users to comment on issues and merge requests by replying to notification emails.
# For documentation on how to set this up, see https://docs.gitlab.com/ce/administration/reply_by_email.html
incoming_email:
enabled: false
# The email address including the `%{key}` placeholder that will be replaced to reference the item being replied to.
# The placeholder can be omitted but if present, it must appear in the "user" part of the address (before the `@`).
address:
# Email account username
# With third party providers, this is usually the full email address.
# With self-hosted email servers, this is usually the user part of the email address.
user:
# Email account password
password:
# IMAP server host
host:
# IMAP server port
port:
# Whether the IMAP server uses SSL
ssl:
# Whether the IMAP server uses StartTLS
start_tls:
# The mailbox where incoming mail will end up. Usually "inbox".
mailbox: "inbox"
# The IDLE command timeout.
idle_timeout:
## Build Artifacts
artifacts:
enabled: true
# The location where Build Artifacts are stored (default: shared/artifacts).
path: /var/opt/gitlab/gitlab-rails/shared/artifacts
object_store:
enabled: false
direct_upload: false
background_upload: true
proxy_download: false
remote_directory: "artifacts"
connection: {}
## Git LFS
lfs:
enabled:
# The location where LFS objects are stored (default: shared/lfs-objects).
storage_path: /var/opt/gitlab/gitlab-rails/shared/lfs-objects
object_store:
enabled: false
direct_upload: false
background_upload: true
proxy_download: false
remote_directory: "lfs-objects"
connection: {}
## Uploads
uploads:
# The location where uploads objects are stored (default: public/).
storage_path: /opt/gitlab/embedded/service/gitlab-rails/public
object_store:
enabled: false
direct_upload: false
background_upload: true
proxy_download: false
remote_directory: "uploads"
connection: {}
## Container Registry
registry:
enabled: false
host:
port:
api_url: # internal address to the registry, will be used by GitLab to directly communicate with API
path:
key: /var/opt/gitlab/gitlab-rails/etc/gitlab-registry.key
issuer: omnibus-gitlab-issuer
mattermost:
enabled: false
host:
## GitLab Pages
pages:
enabled: false
path: /var/opt/gitlab/gitlab-rails/shared/pages
host:
port:
https: false
external_http: null
external_https: null
artifacts_server: true
## Gravatar
## For Libravatar see: https://docs.gitlab.com/ce/customization/libravatar.html
gravatar:
# gravatar urls: possible placeholders: %{hash} %{size} %{email}
plain_url: # default: http://www.gravatar.com/avatar/%{hash}?s=%{size}&d=identicon
ssl_url: # default: https://secure.gravatar.com/avatar/%{hash}?s=%{size}&d=identicon
## Sidekiq
sidekiq:
log_format: default
## Auxiliary jobs
# Periodically executed jobs, to self-heal GitLab, do external synchronizations, etc.
# Please read here for more information: https://github.com/ondrejbartas/sidekiq-cron#adding-cron-job
cron_jobs:
# Flag stuck CI builds as failed
stuck_ci_jobs_worker:
cron:
# Remove expired build artifacts
expire_build_artifacts_worker:
cron:
# Schedule pipelines in the near future
pipeline_schedule_worker:
cron:
# Periodically run 'git fsck' on all repositories. If started more than
# once per hour you will have concurrent 'git fsck' jobs.
repository_check_worker:
cron:
# Send admin emails once a week
admin_email_worker:
cron:
# Remove outdated repository archives
repository_archive_cache_worker:
cron:
# Verify custom GitLab Pages domains
pages_domain_verification_cron_worker:
cron:
##
# GitLab EE only jobs:
# Snapshot active users statistics
# In addition to refreshing users when they log in,
# periodically refresh LDAP users membership.
# NOTE: This will only take effect if LDAP is enabled
# GitLab LDAP group sync worker
# NOTE: This will only take effect if LDAP is enabled
# GitLab Geo repository sync worker
# NOTE: This will only take effect if Geo is enabled
# GitLab Geo file download dispatch worker
# NOTE: This will only take effect if Geo is enabled
# GitLab Geo repository verification primary batch worker
# NOTE: This will only take effect if Geo is enabled
# GitLab Geo repository verification secondary scheduler worker
# NOTE: This will only take effect if Geo is enabled
# GitLab Geo migrated local files clean up worker
# NOTE: This will only take effect if Geo is enabled (secondary nodes only)
#
# 2. GitLab CI settings
# ==========================
gitlab_ci:
# Default project notifications settings:
#
# Send emails only on broken builds (default: true)
all_broken_builds:
#
# Add pusher to recipients list (default: false)
add_pusher:
# The location where build traces are stored (default: builds/). Relative paths are relative to Rails.root
builds_path: /var/opt/gitlab/gitlab-ci/builds
#
# 3. Auth settings
# ==========================
## LDAP settings
# You can inspect a sample of the LDAP users with login access by running:
# bundle exec rake gitlab:ldap:check RAILS_ENV=production
ldap:
enabled: false
sync_time:
host:
port:
uid:
method: # "tls" or "ssl" or "plain"
bind_dn:
password:
active_directory:
allow_username_or_email_login:
lowercase_usernames:
base:
user_filter:
## EE only
group_base:
admin_group:
sync_ssh_keys:
sync_time:
## Kerberos settings
kerberos:
# Allow the HTTP Negotiate authentication method for Git clients
enabled:
# Kerberos 5 keytab file. The keytab file must be readable by the GitLab user,
# and should be different from other keytabs in the system.
# (default: use default keytab from Krb5 config)
keytab:
# The Kerberos service name to be used by GitLab.
# (default: accept any service name in keytab file)
service_principal_name:
# Dedicated port: Git before 2.4 does not fall back to Basic authentication if Negotiate fails.
# To support both Basic and Negotiate methods with older versions of Git, configure
# nginx to proxy GitLab on an extra port (e.g. 8443) and uncomment the following lines
# to dedicate this port to Kerberos authentication. (default: false)
use_dedicated_port:
port:
https:
